5

I have the following line of aspx link that I would like to encode:

 Response.Redirect("countriesAttractions.aspx?=");

I have tried the following method:

 Response.Redirect(Encoder.UrlPathEncode("countriesAttractions.aspx?="));

This is another method that I tried:

    var encoded = Uri.EscapeUriString("countriesAttractions.aspx?=");
    Response.Redirect(encoded);

Both redirects to the page without the URL being encoded:

http://localhost:52595/countriesAttractions?=

I tried this third method:

 Response.Redirect(Server.UrlEncode("countriesAttractions.aspx?="));

This time the url itself gets encoded:

http://localhost:52595/countriesAttractions.aspx%3F%3D

However I get an error from the UI saying:

HTTP Error 404.0 Not Found
The resource you are looking for has been removed, had its name changed, or 
is temporarily unavailable.
Most likely causes:
-The directory or file specified does not exist on the Web server.
-The URL contains a typographical error.
-A custom filter or module, such as URLScan, restricts access to the file.

Also, I would like to encode another kind of URL that involves parsing of session strings:

Response.Redirect("specificServices.aspx?service=" + 
Session["service"].ToString().Trim() + "&price=" + 
Session["price"].ToString().Trim()));

The method I tried to include the encoding method into the code above:

Response.Redirect(Server.UrlEncode("specificServices.aspx?service=" + 
Session["service"].ToString().Trim() + "&price=" + 
Session["price"].ToString().Trim()));

The above encoding method I used displayed the same kind of results I received with my previous Server URL encode methods. I am not sure on how I can encode url the correct way without getting errors.

As well as encoding URL with CommandArgument:

Response.Redirect("specificAttractions.aspx?attraction=" + 
e.CommandArgument);

I have tried the following encoding:

Response.Redirect("specificAttractions.aspx?attraction=" + 
HttpUtility.HtmlEncode(Convert.ToString(e.CommandArgument)));

But it did not work.

Is there any way that I can encode the url without receiving this kind of error? I would like the output to be something like my second result but I want to see the page itself and not the error page.

I have tried other methods I found on stackoverflow such as self-coded methods but those did not work either. I am using AntiXSS class library in this case for the methods I tried, so it would be great if I can get solutions using AntiXSS library. I need to encode URL as part of my school project so it would be great if I can get solutions. Thank you.

Improve this question
30
  • 4
    You're question doesn't make much sense. We don't encode the URL, we only encode the parameters of the URL. So the only time we encode a complete URL is when it is passed as a parameter of anther URL. Perhaps you should explain what you're trying to do, so we can help you find the best way to do it. Commented Jan 22, 2018 at 3:08
  • Ok sorry I didn't know that URL cannot be encoded, I read from my lecture notes that it can be encoded. What I am trying to achieve is to encode the PARAMETERS that are being passed through a URL. Such as the url with my session parsing and command argument, is there any way where I can encode them within my URL? @RacilHilan Commented Jan 22, 2018 at 5:20
  • Yes there is. HttpUtility.UrlEncode method. It accepts a string and returns the encoded version. So you can call it once per parameter. msdn.microsoft.com/en-us/library/… Commented Jan 22, 2018 at 7:43
  • Can you write out an example on how I can use it? can perhaps use one of the urls i provided in my question to illustrate how I could have done it the correct way. the link you provided is quite vague and does not provide any examples. I used that method before but it did not encode my url. @ADyson Commented Jan 22, 2018 at 9:13
  • I tried the method you suggested, I got the same error page. @ADyson Commented Jan 22, 2018 at 9:19

1 Answer 1

Reset to default
2

You can use the UrlEncode or UrlPathEncode methods from the HttpUtility class to achieve what you need. See documentation at https://msdn.microsoft.com/en-us/library/system.web.httputility.urlencode(v=vs.110).aspx

It's important to understand however, that you should not need to encode the whole URL string. It's only the parameter values - which may contain arbitrary data and characters which aren't valid in a URL - that you need to encode.

To explain this concept, run the following in a simple .NET console application:

string url = "https://www.google.co.uk/search?q=";
//string url = "http://localhost:52595/specificAttractions.aspx?country=";
string parm = "Bora Bora, French Polynesia";
Console.WriteLine(url + parm);
Console.WriteLine(url + HttpUtility.UrlEncode(parm), System.Text.Encoding.UTF8);
Console.WriteLine(url + HttpUtility.UrlPathEncode(parm), System.Text.Encoding.UTF8);
Console.WriteLine(HttpUtility.UrlEncode(url + parm), System.Text.Encoding.UTF8);

You'll get the following output:

https://www.google.co.uk/search?q=Bora Bora, French Polynesia
https://www.google.co.uk/search?q=Bora+Bora%2c+French+Polynesia
https://www.google.co.uk/search?q=Bora%20Bora,%20French%20Polynesia
https%3a%2f%2fwww.google.co.uk%2fsearch%3fq%3dBora+Bora%2c+French+Polynesia

By pasting these into a browser and trying to use them, you'll soon see what is a valid URL and what is not.

(N.B. when pasting into modern browsers, many of them will URL-encode automatically for you, if your parameter is not valid - so you'll find the first output works too, but if you tried to call it via some C# code for instance, it would fail.)

Working demo: https://dotnetfiddle.net/gqFsdK

You can of course alter the values you input to anything you like. They can be hard-coded strings, or the result of some other code which returns a string (e.g. fetching from the session, or a database, or a UI element, or anywhere else).

N.B. It's also useful to clarify that a valid URL is simply a string in the correct format of a URL. It is not the same as a URL which actually exists. A URL may be valid but not exist if you try to use it, or may be valid and really exist.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

By the way, I have an additional question to ask. I have managed to encode the following line of URL with its session parameters successfully. Response.Redirect("specificServices.aspx?service=" + HttpUtility.UrlEncode(Session["service"].ToString().Trim(),Encoding.UTF8) + "&price="+ HttpUtility.UrlEncode(Session["price"].ToString().Trim(),Encoding.UTF8)); However, whenever i try to encode the line "&price=", my datalist output in the redirected page would not be shown. Do you happen to know why? @ADyson
In short, no I don't, mainly because I can't see what exact data you passed in as the "price" parameter, or what your other page does and how it tries to use the parameter, or what relationship that has to your datalist. I can't read your project, your runtime data, your screen, or your mind. And if you have another question, you need to create another question on StackOverflow and include all the necessary detail (including the information I've just described. The contents of your mind are optional :-) ). If you comment here linking to your new question, I can take a look at it. Thanks.
ohh i see it's fine then, thanks so much. I'm using another encode method for that line which does not affect my datalist. @ADyson

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.